Washington Takes Note of Microsoft's Do-Not-Track Approach in IE 10

A technical decision floated by Microsoft to address privacy issues in Internet Explorer is drawing comments from U.S. public officials.

Microsoft's plan to turn on a do-not-track (DNT) privacy feature in Internet Explorer 10 by default has drawn recent praise and criticism from Washington. Those comments are arriving this week, even as the World Wide Web Consortium (W3C) continues to shore up its work on the technical aspects of a DNT proposal for all Web browsers, not just for Microsoft's IE.

Microsoft was one of the original parties that shepherded the DNT proposal at the W3C. In May, Microsoft announced that it planned to turn on its own implementation of the W3C's DNT spec in Internet Explorer 10 by default -- apparently contradicting W3C draft discussions, which have suggested that an opt-in approach may be proposed in the final recommendation.

The W3C Tracking Protection Working Group is meeting this week in Bellevue, Wash., to work on DNT draft details. The draft proposes a method for browsers to indicate that user clickstream data should not be tracked by, or shared with, so-called "third-party" advertisers (also known as "data brokers"). The W3C is considering a header mechanism, described as "DNT: 1," that would broadcast a user's preference not to be tracked. The W3C is also considering a "tracking selection list" privacy mechanism. Both methods are scheduled to become "recommendations" (the W3C's language for a finalized specification) in October. A list of the Working Group's "raised issues," currently under consideration, is available online.

Washington Speaks Out
While the W3C's technical meetings are proceeding this week, advocacy in Washington over DNT is becoming more vocal. On Tuesday, U.S. Congresspersons Edward J. Markey, D-Mass., and Joe Barton, R-Texas, who are cochairmen of the Bi-Partisan Privacy Caucus, issued a letter to the W3C's working group advocating on behalf of Microsoft's default DNT approach.

"We have long endorsed a standard that allows consumers to affirmatively choose whether to permit collection of their personal information and targeting of advertisements. In this spirit, we call on W3C participants to make the protection of consumer privacy a priority and support Microsoft's announcement by endorsing a default Do Not Track Setting," the congressmen wrote in their letter (PDF).

In response, J. Thomas Rosch, a commissioner at the U.S. Federal Trade Commission (FTC), issued his own letter to the W3C, disagreeing specifically with Markey and Barton's advocacy of turning on DNT in browsers by default.

"To the contrary, Microsoft's default DNT setting means that Microsoft, not consumers, will be exercising choice as to what signal the browser will send," Rosch wrote in a Wednesday-dated letter (PDF).

Rosch earlier wrote a dissenting opinion to an FTC document published in March that outlines national privacy goals. The document, "Recommendations for Businesses and Policymakers" on protecting consumer privacy (PDF), builds upon an FTC staff proposal floated in December 2010. The March document offers up FTC privacy recommendations, but does not propose enforcement mechanisms. Rosch claims in his dissent that the FTC "repeatedly sides with consumer organizations and large enterprises" in its March proposal. He also objects to the document's advocacy of enabling privacy "by default." However, he's skeptical about the Digital Advertising Alliance's (DAA's) claims that it will honor DNT requests.

"It may be that the firms professing an interest in self-regulation are really talking about a 'Do Not Target' mechanism, which would only prevent a firm from serving targeted ads, rather than a 'Do Not Track' mechanism, which would prevent the collection of consumer data altogether," Rosch wrote. "For example, the DAA's Self-Regulatory Principles for Multi-Site Data do not apply to data collected for 'market research' or 'product development'."

The Electronic Frontier Foundation (EFF) has also questioned the DAA's motives, suggesting that it is "chipping away at Do Not Track's simplicity" with nuanced language. The nonprofit EFF, which advocates for Internet privacy and free speech issues, noted that the Interactive Advertising Bureau, which is responsible for "86% of online advertising in the United States," opposes the W3C's DNT efforts. The W3C DNT proposal relies on voluntary compliance by third-party advertisers, but they might not go along with that part of the plan.

Consumer Privacy Bill of Rights
In February, the Obama administration proposed a "consumer privacy bill of rights" that would add FTC enforcement capabilities to privacy goals. One idea in this bill of rights is that "companies should provide consumers appropriate control over the personal data that consumers share with others and over how companies collect, use, or disclose personal data."

The bill of rights also proposes establishing "the groundwork for increasing interoperability between the U.S. data privacy framework and those of our trading partners." However, this latter item could prove a major stumbling block, since European Union countries have vastly superior online privacy policies to those of the United States and are considering enhancing them even further.